Contents managing method and contents managing apparatus

ABSTRACT

A contents managing method of regulating a number of copied contents storable on a storage medium includes giving a predetermined number of copyable contents for each content, recording the copied contents on the storage medium upon reception of an instruction for copy recording on the storage medium when there is a remainder in the number of copyable contents, decrementing the number of copyable contents by “1” every time one copied content is recorded on the storage medium at a time of recording, and incrementing the number of copyable contents by “1” every time one copied content is erased from the storage medium upon reception of an instruction to erase the copied contents from the storage medium.

CROSS-REFERENCE TO RELATED APPLICATION

This application is based upon and claims the benefit of priority fromthe prior Japanese Patent Application No. 11-124182, filed Apr. 30,1999, the entire contents of which are incorporated herein by reference.

BACKGROUND OF THE INVENTION

The present invention relates to a contents managing method forregulating the number of replicated contents, such as music pieces andmovies, that can be stored on a storage medium, and a contents managingapparatus which uses this method.

Conventionally, copy management has been performed on contents (works orthe like). The copyright protection and the users' convenience have beenbalanced by managing the copy generation and the number of copies.

The concept of “moving” has emerged as a replacement of the copymanagement. Copying does not erase the original data, whereas “moving”transfers data to a different location (medium) and erases the originaldata. The copy protection by “moving” has appeared to cope with thedigitalization of contents and the popularity of networks or the like.

As it recently becomes possible to copy originals with high fidelityover a network or the like, the copy management alone cannot guaranteeadequate copyright protection. Further, it is not possible to implementcopyright control on unlimited moving of contents from one medium toanother, e.g., distribution of data (by moving) for a business purpose.

BRIEF SUMMARY OF THE INVENTION

Accordingly, it is an object of the present invention to provide acontents managing method which can protect the copyright of contents byrestricting the replication of contents by regulating the number ofcopied contents that can be stored on a storage medium, and a contentsmanaging apparatus which uses this method.

According to one aspect of the present invention, there is provided acontents managing method for regulating a number of copied contentsstorable on a storage medium, the method comprising giving apredetermined number of copyable contents for each content; recordingthe copied contents on the storage medium upon reception of aninstruction for copy recording on the storage medium when there is aremainder in the number of copyable contents; decrementing the number ofcopyable contents by “1” every time one copied content is recorded onthe storage medium at the time of recording; and incrementing the numberof copyable contents by “1” every time one copied content is erased fromthe storage medium upon reception of an instruction to erase the copiedcontents from the storage medium.

The method may further comprise recording information necessary toreproduce the copied contents in a secret area provided in a memory areaon the storage medium and accessible by secret specific procedures.

The method may further comprise recording at least the number ofcopyable contents for each content in a secret memory area accessible bysecret specific procedures.

The method may further comprise recording at least the number ofcopyable contents for each content and identification information of thestorage medium having stored the copied contents in a secret memory areaaccessible by secret specific procedures; and erasing the copiedcontents from the storage medium only when the identificationinformation of the storage medium is stored in the secret memory area.

The method may further comprise recording information necessary toreproduce the copied contents and flag information indicating whether ornot the copied contents can be moved in a secret area provided in amemory area on the storage medium and accessible by secret specificprocedures, at the time of recording the copied contents on the storagemedium; and determining if moving of the copied contents is allowable byreferring to the flag information.

The method may further comprise interrupting a subsequent process when atime needed for reading or writing of data to the storage medium doesnot lie within a predetermined time.

In the method, the storage medium may be one of a first type of storagemedium having identification information of the storage medium storedtherein and having a secret area provided therein which is accessibleonly by secret specific procedures, a second type of storage mediumwhich does not have the secret area but has the identificationinformation of the storage medium, and a third type of storage mediumwhich has neither the secret area nor the identification information ofthe storage medium. In this case, at the time of recording copiedcontents on the storage medium, erasing copied contents from the storagemedium or reproducing copied contents stored on the storage medium, thetype of the storage medium is determined and then a process according tothe type is performed.

According to another aspect of the present invention, there is provideda contents managing apparatus for regulating a number of copied contentsstorable on a storage medium comprising contents copy recording meansfor giving a predetermined number of copyable contents for each content,recording the copied contents on the storage medium upon reception of aninstruction for copy recording on the storage medium when there is aremainder in the number of copyable contents, and decrementing thenumber of copyable contents by “1” every time one copied content isrecorded on the storage medium at a time of recording; and contents copymoving means for incrementing the number of copyable contents by “1”,every time one copied content is erased from the storage medium uponreception of an instruction to erase the copied contents from thestorage medium.

The apparatus may further comprise means for recording informationnecessary to reproduce the copied contents in a secret area provided ina memory area on the storage medium and accessible by secret specificprocedures.

The apparatus may further comprise means for recording at least thenumber of copyable contents for each content in a secret memory areaaccessible by secret specific procedures.

The apparatus may further comprise means for recording at least thenumber of copyable contents for each content and identificationinformation of the storage medium having stored the copied contents in asecret memory area accessible by secret specific procedures; and meansfor erasing the copied contents from the storage medium only when theidentification information of the storage medium is stored in the secretmemory area.

The apparatus may further comprise means for recording informationnecessary to reproduce the copied contents and flag informationindicating whether or not the copied contents can be moved in a secretarea provided in a memory area on the storage medium and accessible bysecret specific procedures; and means for determining if moving of thecopied contents is allowable by referring to the flag information.

The apparatus may further comprise means for interrupting a subsequentprocess when a time needed for reading or writing of data to the storagemedium does not lie within a predetermined time.

The apparatus may further comprise discrimination means for determiningwhich one of a first type of storage medium having identificationinformation of the storage medium stored therein and having a secretarea provided therein which is accessible only by secret specificprocedures, a second type of storage medium which does not have thesecret area but has the identification information of the storagemedium, and a third type of storage medium which has neither the secretarea nor the identification information of the storage medium thestorage medium is, at a time of recording copied contents on the storagemedium, erasing copied contents from the storage medium or reproducingcopied contents stored on the storage medium. In this case, thisapparatus may further comprise means for performing a process accordingto the type of the storage medium determined by the discriminationmeans.

Additional objects and advantages of the invention will be set forth inthe description which follows, and in part will be obvious from thedescription, or may be learned by practice of the invention. The objectsand advantages of the invention may be realized and obtained by means ofthe instrumentalities and combinations particularly pointed outhereinafter.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING

The accompanying drawings, which are incorporated in and constitute apart of the specification, illustrate presently preferred embodiments ofthe invention, and together with the general description given above andthe detailed description of the preferred embodiments given below, serveto explain the principles of the invention in which:

FIG. 1 is a diagram exemplifying the structure of a music contents usagemanaging system (LCM) which uses a contents managing method ofregulating the number of copied contents storable on a storage mediumaccording to one embodiment of the present invention;

FIG. 2 is a diagram showing one example of the structure of a memoryarea;

FIG. 3 is a diagram exemplifying the internal structure of arecording/reproducing apparatus (PD);

FIGS. 4A to 4C are diagrams for explaining the characteristics of threetypes of storage media;

FIG. 5 is a diagram exemplifying the internal structure of a mediainterface (I/F) section;

FIG. 6 is a diagram for explaining the recorded contents on a storagemedium after checkin;

FIGS. 7A to 7C are diagrams showing a storage example of a guest bookstored in a secret area in the LCM;

FIGS. 8A and 8B are diagrams showing another storage example of theguest book stored in the secret area in the LCM;

FIG. 9 is a flowchart for explaining a checkin/checkout routine,illustrating procedures from the determination of the type of a storagemedium to the selection of a process according to that type;

FIG. 10 is a diagram for explaining checkout procedures when the type ofthe storage medium is level 2;

FIG. 11 is a diagram for explaining checkin procedures when the type ofthe storage medium is level 2;

FIG. 12 is a diagram for explaining playback procedures when the type ofthe storage medium is level 2;

FIG. 13 is a diagram for explaining checkout procedures when the type ofthe storage medium is level 1;

FIG. 14 is a diagram for explaining playback procedures when the type ofthe storage medium is level 1;

FIG. 15 is a diagram for explaining checkout procedures when the type ofthe storage medium is level 0;

FIG. 16 is a diagram for explaining checkin procedures when the type ofthe storage medium is level 0;

FIG. 17 is a diagram for explaining playback procedures when the type ofthe storage medium is level 0;

FIGS. 18A to 18C are diagrams showing a further storage example of theguest book which is stored in the secret area in the LCM and includes aflag;

FIG. 19 is a flowchart for schematically explaining a checkin routineusing a flag;

FIG. 20 is a diagram for explaining authentication procedures using apublic-key encryption algorithm;

FIG. 21 is a diagram exemplifying the architecture of a system in thecase where copied contents are recorded on a storage medium over anetwork;

FIG. 22 is a diagram exemplifying the internal structure of a timeoutdetermining section;

FIG. 23 is a flowchart for explaining one example of a timeoutdetermining routine;

FIG. 24 is a diagram for explaining a file system which constitutes thesecret area;

FIG. 25 is a flowchart for explaining the operation of a secret-areadriver; and

FIG. 26 is a flowchart for explaining the operation of the secret-areadriver when sector allocation is updated.

DETAILED DESCRIPTION OF THE INVENTION

A preferred embodiment of the present invention will now be describedwith reference to the accompanying drawings.

FIG. 1 is a diagram exemplifying the structure of a music contents usagemanaging system (which will hereinafter be simply called “LCM”occasionally) that uses a contents managing method of regulating thenumber of copied contents storable on a storage medium according to thisembodiment. Although music pieces are used here as one example ofcontents, contents are not limited to this particular type but may bemovies, game software, etc. as well. A storage medium is not limited toa memory card (MC), which is used in this embodiment, but various otherkinds of storage media such as a floppy disk and DVD may be used aswell.

An EMD (Electronic Music Distributor) is a music distributing server ora music distribution broadcasting station.

A contents usage managing system 1 is, for example, a personal computer(PC) and comprises receiving sections #1 to #3 association with aplurality of EMDs (EMDs #1 to #3 in this example). The contents usagemanaging system 1 receives encrypted contents distributed by each EMD orthe license of the contents (a usage condition and an encrypted-contentsdecryption key) or the like. The receiving sections #1 to #3 may have aplayback capability and/or a charging capability. The playbackcapability is used to listen to distributed music contents. The chargingcapability is used in purchasing desirable contents.

The LCM 1 further comprises a secure contents server (secure musicserver (SMS) in this example) 2, which will hereinafter be simply called“SMS” occasionally. Any content purchased by a user is stored in the SMS2 via an EMD interface (I/F) section 3. As needed, the EMD I/F section 3decrypts a music content, and performs format conversion orre-encryption. When the SMS 2 receives an encrypted content, the SMS 2stores it in a music data storage section 10 and stores a music-datadecryption key in a license storage section 9. The SMS 2 may have aplayback capability, which can allow the SMS 2 to playback a musiccontent it manages on a PC.

The SMS 2 has a capability of outputting contents data to a medium(which will hereinafter be simply called “MC” (Memory Card)occasionally) 13. The MC 13 can be loaded into a recording/reproducingapparatus (which will hereinafter be simply called “PD” (PortableDevice) occasionally) 12 to playback the contents recorded in the MC 13.

Recording contents in the MC 13 from the SMS 2 can be carried outdirectly via a media (MC) interface (I/F) section 6 or can be performedvia the PD 12.

The MC 13 has an unrewritable identification (ID) information (MID)specific to that medium, and any content stored in the MC 13 isencrypted with a contents decryption key which depends on the MC 13.

The contents decryption key is encrypted with an encryption key Kpstored inside the media I/F section 6 and the PD 12 and the encryptedkey is then recorded in the MC 13.

The contents and the contents decryption key in the MC 13 can be copiedto any separate storage medium (hereinafter referred to as MCb) with thefollowing restrictions.

1. Since the legitimate PD 12 alone has the encryption key Kp, only thelegitimate PD 12 can play back the contents stored in the MCb.

2. Because the ID information MID of the MC 13 cannot be copied,however, the ID information MID of the MCb differs from the IDinformation MID of the MC 13 which has made the copy, eventuallydisabling adequate reproduction of the contents copied in the MCb. Thatis, multiple copying of the copied contents recorded in the MC 13 fromone MC to another is prevented.

The above has described the conventional structure of the LCM 1. Amethod and structure according to this embodiment will now be discussed.

To begin with, checkin/checkout will be discussed with respect to theLCM 1 in FIG. 1.

“Checkout” is the action of the LMS 1 which holds a “parent” content tocopy its replica as a “child” content into the MC 13. While the “child”content can be freely played back on the PD 12, it is prohibited tocreate a “grandchild” content from the “child” content. The number of“children” the “parent” can produce is defined as the attribute of the“parent”. “Checkin” is to connect, for example, the MC 13 to the LCM 1and cause the LCM 1 to erase (or disable the use of) a “child” content.This action can allow a “parent” content in the LCM 1 to regain theright to produce one “child” content. This is also called “checkin to“parent””.

When one attempts to accomplish this checkin/checkout simply by theconventional LCM 1, the following attack actually occurs. A “child”stored in the MC 13 is saved on a separate storage medium (excludingMID), and the “child” in the MC 13 is let to check in the “parent”.Next, the previously saved “child” is written back into the MC 13.Because checkin has already been finished, the “parent” on the LCM 1 maycopy a “child” in another MC 13. This scheme can permit production ofany number of “children”.

This “attack” can be dealt with by performing authentication at the timeof transferring data between the MC 13 and the LCM 1. Specifically,supposing that the MC 13 does not accept data transfer from anillegitimate LCM 1 and the LCM 1 does not accept data transfer from anillegitimate MC 13, a “child” in the MC 13 cannot be saved in a separaterecording medium. It is also impossible to make an unauthorized checkin.The above “attack” can therefore be avoided.

Actually, however, checkin/checkout cannot be accomplished even on thepremise that authentication between the LCM 1 and the MC 13 is madebecause the following “attack” is possible. First, with no “child”produced from a “parent” on the LCM 1, data on the LCM 1 (particularly,information in the license storage section 9) is backed up in a separatestorage medium. After a “child” is copied in the MC 13, the backed-updata of the LCM 1 is restored. Because the “parent” on the LCM 1 returnsto the state of before the production of the “child”, it is possible toproduce a “child” in another MC 13. Any number of “children” can becreated this way.

A description will now be given of a problem other than those whicharise in accomplishing checkin/checkout. This problem is concerned withrecording to the MC 13 over a predetermined communications path such asthe Internet. The Internet distribution authorized by an EMD is thelegitimate distribution that is made upon permission by a copyrightowner and thus raises no problem. But, contents may be recorded in theMC 13 via the Internet in the manner that is illustrated in FIG. 21. Acommunications section 201 on a personal computer (PC) in FIG. 21 ismerely relaying a write protocol to the MC 13. The LCM 1 cannotdistinguish the PD 12 that is directly connected to the PC #2 which isactivated by this LCM 1 from a PD 12 connected to the PC #2 that isactivated by an LCM 1 which is remotely connected via the communicationssection 201. This makes it possible to carry out (illegitimate)distribution of contents via a network such as the Internet.

Means or the like for regulating checkin/checkout and the recording ofcontents into the MC 13 over a network, which is subject matter of thepresent invention, will now be described in order of the items listedbelow.

-   -   1. Checkin/checkout        -   (1-1) Checkin/checkout        -   (1-2) Checkin/checkout of Copied Contents Using MC of Level            2        -   (1-3) Guest Book-oriented Management of Copied Contents        -   (1-4) Playback of Copied Contents Stored in MC of Level 1        -   (1-5) Checkin/checkout of Copied Contents and Playback of            Copied Contents Using MC of Level 1        -   (1-6) Checkin/checkout of Copied Contents and Playback of            Copied Contents Using MC of Level 0    -   2. Means for Regulating Recording of Copied Contents in MC over        Network    -   3. Secret Area        (Checkin/Checkout)

To accomplish checkin/checkout, an area (secret area) which cannot beread or written with known procedures is provided in the memory area inthe MC 13 and information needed to decrypt contents is recorded in thesecret area (see FIG. 2). In addition, an area (secret area) which canbe accessed only with secret procedures is provided in the memory areain the LCM 1 (e.g., a hard disk (HDD) when the LCM 1 is constructed by aPC) and a guest book to be described later is stored in the secret area(see FIG. 2). Further, an area (secret area) which can be accessed onlywith secret procedures may be provided in the memory area in the PD 12so that information needed to decrypt contents is recorded there (seeFIG. 2). In the following description, an area which is other thansecret areas and is accessible by ordinary procedures is called “publicarea”.

As shown in FIG. 1, The LCM 1 has a guest book storage section 8provided in the secret area and a secret-area driver 7 for reading datafrom the secret area after the SMS 2 carries out secret specificprocedures for accessing the guest book storage section 8.

As shown in FIG. 4C, the MC 13 includes an ID-information storagesection 13 b which is designed to be externally unwritable anduncopyable and stores its ID information MID, a secret area 13 c, apublic area 13 a and a switch (SW) 13 e which opens the gate so as to beaccessible to the secret area 13 c only when an authentication section13 d, which carries out authentication every time the secret area 13 cis accessed, determines that the accessing side is the legitimate. Thereare three types of MCs 13 usable in this embodiment. The type of the MC13 which has both ID information MID and a secret area, as shown in FIG.4C, is called “level 2”. The type of the MC 13 which does not have asecret area but ID information MID, as shown in FIG. 4B, is called“level 1”. The type of the MC 13 which has neither ID information MIDnor a secret area, as shown in FIG. 4C, is called “level 0”. Level 0 canbe distinguished from the other types depending on whether or not the MC13 has ID information MID. Further, level 1 and level 2 can bedistinguished from each other based on the structure of the IDinformation MID. For example, when ID information is a series of values,it is level 2 if the value is equal to or greater than a predeterminedvalue.

The following description will be given of the MC 13 of level 2 unlessotherwise specified.

This MC 13 may be loaded either into the PD 12 connected to the LCM 1 orinto the LCM 1 directly.

FIG. 3 exemplifies the structure of the PD 12 in which example the MC 13is loaded in the a media interface (I/F) section 12 f. In the case wherethe LCM 1 reads or writes data to the MC 13 via the PD 12, the secretarea in the MC 13 is accessed via a secret-area accessing section in thePD 12. The media I/F section 12 f has the secret-area accessing sectionfor accessing the secret area in the MC 13. The secret area in the PD 12may be provided in a flash memory 12 d. Written in a ROM 12 c are aprogram for carrying out mutual authentication with the MC 13 and aprogram for discriminating the type of the MC 13. Those programs carryout processes, such as mutual authentication between the PD 12 and theMC 13 and discrimination of the type of the MC 13, under the control ofa CPU 12 a.

FIG. 5 shows the structure of the media I/F section 6, which comprisesan authentication section 6 c which performs mutual authentication withthe MC 13, a media discriminating section 6 b which discriminates thetype of the MC 13, and a control section 6 a which performs the generalcontrol of the former two sections. The authentication section 6 c is asecret-area accessing section for accessing to the secret area in the MC13.

The guest book which is stored in the secret area in the LCM 1 will nowbe discussed.

Every music content that is held in the SMS 2 has a content ID (TID)which is ID information to identify that music content and apredetermined number of copyable contents or the number of remainingchildren and a checkout list as attribute information. This attributeinformation is referred to as a guest book. The guest book is recordedin the guest book storage section 8 provided in the secret area in theform as illustrated in FIG. 7A.

In FIG. 7A, the number of remaining children of, for example, a contentID “TID1” is “2” and its checkout list is L1.

The checkout list is a list of ID information of the MC 13 which hasrecorded copied contents (children). In FIG. 7A, for example, it isapparent from the checkout list L1 that children of the content whichhas the content ID “TID1” have checked out from two MCs 13 having IDinformation of “m1” and “m2”.

(Checkin/Checkout of Copied Contents Using MC of Level 2)

Next, checkin/checkout using the MC 13 of level 2 which has thestructure as shown in FIG. 4C will be discussed with reference to FIGS.9 to 11.

When the MC 13 is loaded into the media I/F section 6 of the LCM 1 orinto the PD 12, mutual authentication is carried out between the mediaI/F section 6 and the MC 13 or between the PD 12 and the MC 13 (step S1in FIG. 9). When both sections have determined that the other islegitimate (step S2), the media I/F section 6 or the PD 12 discriminatesthe type of the MC 13 based on the ID information MID read from the MC13 (step S3). As the type of the MC 13 is level 2 here, the media I/Fsection 6 or the PD 12 carries out a checkin/checkout routine accordingto that type (step S6).

Referring to FIG. 10, a description will now be given of the case wherea checkout instruction is given to the SMS 2 via a user interface (I/F)section 15 of the LCM 1 or via the PD 12. The SMS 2 checks the number ofremaining children, n, of a content (e.g., the one whose content ID is“TID1”) for which a request for checkout from the guest book has beenmade (step S101). When n>0, the SMS 2 performs mutual authenticationwith the MC 13 if needed (step S102). When their legitimacy is mutuallyverified, the SMS 2 asks the MC 13 to transfer its ID information MID(e.g., MID=m0) (step S103).

The SMS 2 generates a random number r and generates an encryption key wusing this random number r, the ID information m0 of the MC 13 and a keygenerating algorithm W that the legitimate MC 13 and the LCM 1 share.The key generating algorithm W uses two arguments (r and m0 in thisexample) and serves to change the encryption key w each time. The SMS 2further encrypts a contents decryption key K(C) for decrypting theencrypted content using both an encryption key Kp, which the MC 13 andthe LCM 1 share, and the previously generated encryption key w. Thiscontents decryption key is expressed by w[Kp[k(C)]]. The SMS 2 alsoencrypts a content C with a key K(C). The encrypted content is expressedby K(C)[C] (step S104).

After making a folder having the name of “TID1”, for example, in thememory area in the MC 13 (step S105), the SMS 2 writes the encryptedcontent K(C)[C] and the encrypted contents decryption key w[Kp[k(C)]] inthe public area in that folder (steps S106 and S107).

Then, the SMS 2 performs mutual authentication with the MC 13 in orderto access the secret area 13 c of the MC 13, and writes the randomnumber r in an area corresponding to the folder “TID1” in the secretarea 13 c when the gate to the secret area 13 c is opened as a result oftheir legitimacy being mutually verified (steps S108 to S109). When thisprocess is completed, the gate that has enabled access to the secretarea 13 c is closed by the switch 13 e. It is desirable that the routeup to the transfer of the random number r to the secret area 13 c instep S108 be protected by carrying out a process, such as encrypting therandom number r.

Finally, the SMS 2 subtracts “1” from the number of remaining children nof the content having the content ID of “TID1” for which the request forcheckout from the guest book has been made and adds the ID information“m0” of the MC 13 to the checkout list L1 as shown in FIG. 7B (stepS110).

FIG. 6 shows the recorded contents on the MC 13 when the above-describedroutine is completed.

Referring to FIG. 11, a description will now be given of the case wherea checkin instruction is given to the SMS 2 via the user I/F section 15of the LCM 1 or via the PD 12.

The SMS 2 performs mutual authentication with the MC 13 if needed (stepS201). When their legitimacy is mutually verified, the SMS 2 asks the MC13 to transfer its ID information MID (e.g., MID=m0) (step S202).

The SMS 2 generates random numbers r1 and r2 when the ID information ofthe MC 13, i.e., “m0”, is registered in the checkout list in the guestbook of the content whose checkin request has been made (e.g., thecontent has the content ID of “TID1”) (step S203). Then, the SMS 2overwrites information stored in the area that corresponds to the folderof this content (folder “TID1” in this example) in the public area 13 aof the MC 13 with the random number r2 to erase it (step S204). The SMS2 also performs mutual authentication with the MC 13 in order to accessthe secret area 13 c of the MC 13, and overwrites information in thearea that corresponds to the folder “TID1” in the secret area 13 c ofthe MC 13 with the random number r1 to erase it (step S205). When thisprocess is completed, the gate that has enabled-access to the secretarea 13 c is closed by the switch 13 e. It is desirable that the routeup to the transfer of the random number r1 to the secret area 13 c instep S205 be protected by carrying out a process, such as encrypting therandom number r1.

Thereafter, the SMS 2 asks the MC 13 to transfer the values of theindividual areas after overwriting to verify the overwriting-orientederasure (step S206) and checks if the values respectively match with therandom numbers r1 and r2 (step S207). When verifying theoverwriting-oriented erasure, the SMS 2 erases the folder “TID1” fromthe MC 13 (step S208).

Finally, as shown in FIG. 7C, the SMS 2 adds “1” to the number ofremaining children n of the content having the content ID of “TID1” forwhich the request for checking in the guest book has been made anddeletes the ID information “m0” of the MC 13 from the checkout list L1(step S209).

The random number r recorded in the secret area 13 c in the MC 13 cannotbe saved in a separate storage medium (because noauthentication-oriented legitimacy can be confirmed). After the contenthaving the ID information of “TID1” checks in, therefore, the contentrestored in the MC 13 cannot be used. The guest book that is stored inthe secret area in the LCM 1 cannot be saved in a separate recordingmedium (because no authentication-oriented legitimacy can be confirmed).After the content having the ID information of “TID1” checks out,therefore, the guest book cannot be set back to the state of before thecheckout. Apparent from the above, the present invention provides anadequate countermeasure against the aforementioned attack.

At the time of making checkin, from the viewpoint of security, it isimportant to overwrite the contents of the secret area in the MC 13 witha random number. It is only the legitimate SMS 2 that can write data inthe secret area in the MC 13. In other words, the legitimate SMS 12always writes data in the secret area by taking security procedures. Thelegitimacy of the MC 13 is guaranteed if writing through the securityprocedures succeeds. That is, it is possible to prevent an illegitimatechecking. To enhance the security, the SMS 2 overwrites the informationin the secret area with a random number, then reads the contents of thesecret area (through the security procedures) and checks if the contentsare the overwritten random number.

(Guest Book-Oriented Management of Copied Contents)

The SMS 2 may check in a content whose title (content ID) is not listedin the guest book. Alternatively, the SMS 2 may allow checkin from a MC13 which is not listed in the checkout list. In this case, the guestbook does not have a checkout list of the individual contents. This isbecause the checkout list is to be referred to for the purpose ofpreventing checkin from an “innocent” MC 13. FIG. 8A shows the storedcontents of the guest book in this case.

As shown in FIG. 8A, the guest book of the individual contents has onlythe content ID of each content and the number of remaining children ofthat content registered therein.

Let us consider a case where a content having a content ID of “TID7”checks in from the MC 13 which has the ID information MID=m0. That is, acontent whose content ID is “TID7” and which has checked out from aseparate SMS 2 is currently stored in the form as shown in FIG. 6 inthis MC 13.

The LCM 1 erases the stored contents of the secret area and public areain the MC 13 and deletes the folder “TID7” without going over step S203of referring to the checkout list in the procedures illustrated in FIG.11. Then, registration of a new content (TID7, 1) is made into the guestbook.

If the LCM 1 checks in a content which is not listed in the guest book,the following event, for example, becomes possible. Suppose that a“parent” content the LCM 1 which is constructed by a home PC stores canhave two “children”. The LCM 1 checks out one “child” from the home PCwith respect to the MC 13 and checks it in to a friend's PC. This meansthat the “parent” the LCM 1 purchased has reduced the number ofproducible “children” and has presented a content to the friend.

If the LCM 1 is allowed to check in a content which is not listed in theguest book, it is apparently possible to “move” a “child” content viathe LCM 1. While this function is convenient to users, it also providesan opportunity to develop the market of secondhand goods. Actually, thefollowing transaction of used contents can take place. A user purchasesa new content from one EMD and checks this content in the LCM 1 of aused-data dealer after a short period of usage. At this time, this usercan receive money for the content. The used-data dealer sells the datato another person who wants it at a price cheaper than the normal priceat the EMD.

The establishment of a “secondhand market” where the copyright ofcontents cannot be controlled is not desirable to copyright holders. Toallow each copyright holder to control the checkin to different LCMs 1,therefore, each content may be provided with a checkout attribute flagf.

FIG. 18A shows the form of the guest book the LCM 1 has in this case.

As shown in FIG. 18A, the guest book of the individual contents has thecontent ID, the number of remaining children, the checkout list and thecheckout attribute flag f of each content registered therein.

When the flag f is “1”, the associated content can check out from andcheck in another LCM 1. When the flag f is “0”, however, the associatedcontent cannot at least check in another LCM 1.

Let us consider a case where a content having a content ID of “TID6”checks out. First, the SMS 2 checks the guest book and confirms that thecheckout attribute flag of this content is “1”. In this example, it isassumed that with the flag value being “0”, the LCM 1 does not check outthe content. When the flag f is “1”, the number of remaining childrenwith the content ID of “TID6” in the guest book is decremented by “1” bythe same procedures as illustrated in FIG. 10, so that this numberbecomes “1” (see FIG. 18B). It is to be noted that a checkout list L6 isempty (denoted by “φ”) and what is more, the flag f is “1” which allowsthe associated content to check in an LCM 1 provided on another PC. Theguest book need not therefore have a checkout list. It is also to benoted that the flag f is recorded together with the random number r inthe secret area in the MC 13.

Referring now to the flowchart shown in FIG. 19, a description will begiven of the case where the content having the content ID of “TID6”checks in the same LCM 1 from which it has checked out or checks inanother LCM 1.

Through the procedures illustrated in FIG. 11, mutual authentication iscarried out between the MC 13 and the LCM 1 (step S11) to acquire the IDinformation MID of the MC 13 (step S12).

Regardless of whether or not the content whose checkin request has beenmade is registered in the guest book, the SMS 2 carries out theabove-described security procedures on the secret area 13 c in the MC 13(the gate to the secret area 13 c is opened after mutual authenticationwith the MC 13 is performed and their legitimacy is verified) to readthe flag f from the secret area 13 c (step S13). When the flag f is “1”(step S14), the SMS 2 executes steps S204 to S208 in FIG. 11 (steps S15to S16). When the flag f is “0”, the SMS 2 terminates the routine.Finally, when the content is not registered in the guest book, newregistration (TID6, 1, φ, 1) with the number of remaining children ofthat content being set to “1” is made in the guest book, whereas whenthe content is registered in the guest book, the number of remainingchildren of that content is incremented by “1” (step S17).

(Playback of Copied Contents Stored in MC of Level 1)

Referring now to FIG. 12, a description will be given of how to playback a copied content stored in the MC 13 of level 2 which has thestructure as shown in FIG. 4C. When the MC 13 is loaded into the PD 12,the PD 12 asks the MC 13 to transfer its ID information MID (e.g.,MID=m0) (step S301). At this time, the type of the MC 13 can bediscriminated to be level 2 based on the ID information MID=m0.Accordingly, the PD 12 reads out w[Kp[k(C)]] from the secret area in theMC 13 (step S302). The PD 12 then performs mutual authentication withthe MC 13 to access the secret area 13 c of the MC 13, and reads arandom number r from an area corresponding to the folder “TID1” in thesecret area 13 c when the gate to the secret area 13 c is opened as aresult of their legitimacy being mutually verified (step S303). Whenthis process is completed, the gate that has enabled access to thesecret area 13 c is closed by the switch 13 e.

The PD 12 generates an encryption key w using the ID information “m0” ofthe MC 13 and the key generating algorithm W that the legitimate MC 13and the PD 12 share. The PD 12 decrypts a contents decryption key K(C)from the encryption key w, the encryption key Kp that the MC 13 and LCM1 share, and w[Kp[k(C)]] read from the MC 13 (step S304).

Then, the PD 12 reads an encrypted content K(C)[C] from the public areain the MC 13 (step S305), decrypts the content C in a decryption section12 g, decodes the decrypted content in a decoder 12 h, converts theresultant digital signal to an analog signal in a D/A conversion section12 i and plays back the music piece (step S306).

(Checkin/Checkout of Copied Contents and Playback of Copied ContentsUsing MC of Level 1)

Referring now to FIGS. 9 and 13, a description will be given ofcheckin/checkout using the MC 13 of level 2 which has the structure asshown in FIG. 4B. It is to be noted that the MC 13 of level 1 has nosecret area and cannot therefore make checkin.

The sequence of procedures from the point when the MC 13 is loaded intothe media I/F section 6 of the LCM 1 or into the PD 12 up to thediscrimination of the type of the MC 13 are the same as those in FIG. 9.

As the type of the MC 13 is level 1 here, the media I/F section 6 or thePD 12 carries out a checkin/checkout routine according to that type(step S5).

When an checkin instruction has been made to the SMS 2 via the user I/Fsection 15 of the LCM 1 or via the PD 12, this instruction is rejectedas the type of the MC 13 has been discriminated as level 1.

Referring now to FIG. 13, a description will be given of the case wherea checkout instruction is given to the SMS 2 via the user I/F section 15of the LCM 1 or via the PD 12.

The SMS 2 checks the number of remaining children, n, of a content(e.g., the one whose content ID is “TID1”) for which a request forcheckout from the guest book has been made (step S401). When n>0, theSMS 2 performs mutual authentication with the MC 13 if needed (stepS402). When their legitimacy is mutually verified, the SMS 2 asks the MC13 to transfer its ID information MID (e.g., MID=m0) (step S403).

As in the case of level 2, the SMS 2 carries out generation of a randomnumber r, generation of an encryption key w, encryption of a content keyusing the keys w and Kp and encryption of a content C (step S404), andthen creates a folder whose name is “TID1”, for example, in the memoryarea (only the public area in this example) in the MC 13 (step S405).Then, the SMS 2 writes the encrypted content K(C)[C], the encryptedcontents decryption key w[Kp[k(C)]] and the random number r in thisfolder (steps S406 to S408).

Finally, the SMS 2 subtracts “1” from the number of remaining children nof the content having the content ID of “TID1” for which the request forcheckout from the guest book has been made and adds the ID information“m0” of the MC 13 to the checkout list L1 as shown in FIG. 7B (stepS409).

Referring now to FIG. 14, a description will be given of how to playback a copied content stored in the MC 13 of level 1. When the MC 13 isloaded into the PD 12, the PD 12 asks the MC 13 to transfer its IDinformation MID (e.g., MID=m0) (step S501). At this time, the type ofthe MC 13 can be discriminated to be level 1 based on the ID informationMID=m0. Accordingly, the PD 12 reads out w[Kp[k(C)]] and the randomnumber r from the memory area (only the public area) in the MC 13 (stepsS502 to S503), and generates an encryption key w using the random numberr, the ID information “m0” of the MC 13 and the key generating algorithmW that the legitimate MC 13 and the PD 12 share. The PD 12 decrypts acontents decryption key K(C) from the encryption key w, the encryptionkey Kp that the MC 13 and LCM 1 share, and w[Kp[k(C)]] read from the MC13 (step S504).

Then, the PD 12 reads an encrypted content K(C)[C] from the memory area(only the public area) in the MC 13 (step S505), decrypts the content Cin the decryption section 12 g, decodes the decrypted content in thedecoder 12 h, converts the resultant digital signal to an analog signalin the D/A conversion section 12 i and plays back the music piece (stepS506).

(Checkin/Checkout of Copied Contents and Playback of Copied ContentsUsing MC of Level 0)

Referring now to FIGS. 9, 15 and 16, a description will be given ofcheckin/checkout using the MC 13 of level 0 which has the structure asshown in FIG. 4A.

The MC 13 of level 0 cannot perform checkin/checkout and playbackwithout using the PD 12. As this MC 13 does not have ID information MID,the ID information PID of the PD 12 is used instead in carrying outcheckin/checkout.

The sequence of procedures from the point when the MC 13 is loaded intothe PD 12 up to the discrimination of the type of the MC 13 are the sameas those in FIG. 9.

As the type of the MC 13 is level 0 in this example, the PD 12 carriesout a checkin/checkout routine according to that type (step S4).

Referring now to FIG. 15, a description will be given of the case wherea checkout instruction is given to the SMS 2 via the PD 12.

The SMS 2 checks the number of remaining children, n, of a content(e.g., the one whose content ID is “TID1”) for which a request forcheckout from the guest book has been made (step S601). When n>0, theSMS 2 performs mutual authentication with the PD 12 (step S602). Whentheir legitimacy is mutually verified, the SMS 2 asks the PD 12 totransfer its ID information PID (step S603).

As in the case of level 2, the SMS 2 carries out generation of a randomnumber r, generation of an encryption key w, encryption of a content keyusing the keys w and Kp and encryption of a content C (step S604). It isto be noted that the two arguments the key generating algorithm W takesare r and PID.

Then, the SMS 2 creates a folder whose name is “TID1”, for example, inthe memory area (only the public area in this example) in the MC 13(step S605). Then, the SMS 2 writes the encrypted content K(C)[C], theencrypted contents decryption key w[Kp[k(C)]] in this folder (steps S606to S607).

The SMS 2 writes the random number r in the secret area in the PD 12(step S608). It is desirable that the route up to the transfer of therandom number r to the secret area of the PD 12 in step S608 beprotected by carrying out a process, such as encrypting the randomnumber r.

Finally, the SMS 2 subtracts “1” from the number of remaining children nof the content having the content ID of “TID1” for which the request forcheckout from the guest book has been made and adds the ID information“PID” of the PD 12 to the checkout list L1 as shown in FIG. 7B (stepS609).

Referring now to FIG. 16, a description will be given of the case wherea checkin instruction is given to the SMS 2 via the PD 12.

The SMS 2 performs mutual authentication with the MC 13 (step S701).When their legitimacy is mutually verified, the SMS 2 asks the PD 12 totransfer its ID information PID (step S702).

The SMS 2 generates random numbers r1 and r2 when the ID information PIDof the PD 12 is registered in the checkout list in the guest book of thecontent whose checkin request has been made (e.g., the content has thecontent ID of “TID1”) (step S703). Then, the SMS 2 overwritesinformation stored in the area that corresponds to the folder of thiscontent (folder “TID1” in this example) in the public area 13 a of theMC 13 with the random number r2 to erase it (step S704). The SMS 2 alsoperforms mutual authentication with the PD 12 in order to access thesecret area of the PD 12, and overwrites information in the area thatcorresponds to the folder “TID1” in the secret area 13 c with the randomnumber r1 to erase it (step S705). When this process is completed, thegate that has enabled access to the secret area of the PD 12 is closedby the switch 13 e. It is desirable that the route up to the transfer ofthe random number r1 to the secret area 13 c in step S705 be protectedby carrying out a process, such as encrypting the random number r1.

Thereafter, the SMS 2 asks the MC 13 to transfer the value afteroverwriting to verify the overwriting-oriented erasure or reads thevalue of this area after overwriting from the secret area of the PD 12(step S706) and checks if the values respectively match with the randomnumbers r1 and r2 (step S707). When verifying the overwriting-orientederasure, the SMS 2 erases the folder “TID1” from the MC 13 (step S708).

Finally, as shown in FIG. 7C, the SMS 2 adds “1” to the number ofremaining children n of the content having the content ID of “TID1” forwhich the request for checking in the guest book has been made anddeletes the ID information “PID” of the PD 12 from the checkout list L1(step S709).

Referring now to FIG. 17, a description will be given of how to playback a copied content stored in the MC 13 of level 0. When the MC 13 isloaded into the PD 12, the PD 12 asks the MC 13 to transfer its IDinformation MID but the MC 13 does not have ID information, so that thePD 12 can discriminate that the type of the MC 13 is level 0.Accordingly, the PD 12 reads out w[Kp[k(C)]] from the memory area (onlythe public area) in the MC 13 (step S801), and generates an encryptionkey w using the ID information “PID” of the PD 12 itself, the randomnumber r stored in the secret area of the PD 12 and the key generatingalgorithm W. The PD 12 then decrypts a contents decryption key K(C) fromthe encryption key w, the encryption key Kp and w[Kp[k(C)]] read fromthe MC 13 (step S802).

Then, the PD 12 reads an encrypted content K(C)[C] from the memory area(only the public area) in the MC 13 (step S803), decrypts the content Cin the decryption section 12 g, decodes the decrypted content in thedecoder 12 h, converts the resultant digital signal to an analog signalin the D/A conversion section 12 i and plays back the music piece (stepS804).

(Means for Regulating Recording of Copied Contents in MC over Network)

To overcome the second conventional problem or to regulate recording ofa content to the MC 13 over a network, a timeout discriminating section4 is provided in the present invention as shown in FIG. 1.

The timeout discriminating section 4 sets a given restriction time andinterrupts the sequence of procedures of reading and/or writing to theMC 13 when the sequence is not finished within the restriction time.Because communications over a network usually takes a considerablylonger time than communications to a device which is directly connected,the timeout capability can cope with illegitimate copying over thenetwork. It is also possible to use band restriction. Assuming that theband of communications with the device is constant, it is possible tocompute the upper limit of the time need to transfer a certain size ofdata to the device. When the actual transfer time exceeds the computedtime, the routine is interrupted.

The above will be discussed below more specifically referring to thestructure of the timeout discriminating section 4 shown in FIG. 22 andthe flowchart shown in FIG. 23. Suppose that the timeout time has beenpreset to t and the communication bandwidth between the LCM 1 and the PD12 is b. The operation of the timeout discriminating section 4 will bediscussed with reference to the case where checkout is made to the MC 13that is loaded into, for example, the PD 12.

When a reading/writing operation which is included in the procedures ofmaking checkout to the MC 13 that is loaded into the PD 12 is initiated,the timeout discriminating section 4 receives a decision start signalfrom the SMS 2 via a decision-start signal input section 102 (step S20)and receives the size s of packet data, which is exchanged between theSMS 2 and the PD 12, from a data-size input section 101 (step S21). Acontrol section 105 acquires the current time T from a clock 107 via atime acquisition section 106 (step S22). Accordingly, the controlsection 105 acquires a bandwidth b from a bandwidth storage section 108(step S23), computes an estimated end time T′ (step S24) and stores thisestimated end time T′ in an estimated-end-time storage section 111 (stepS25).

The estimated end time T′ can be acquired from an equation T′=T+s/busing the bandwidth b and the data size s.

When the timeout discriminating section 4 receives a decision-end signalfrom the SMS 2 via a decision-end signal input section 103 at the sametime as the reading/writing operation to the MC 13 loaded in the PD 12is finished (step S26), the control section 105 reacquires the currenttime T (step S27) and compares the difference between the previouslycomputed estimated end time T′ and the current time T with the timeouttime t (step S28). When this difference is greater than the timeout timet, the control section 105 determines that the decision result is “NG”(No Good) and informs the SMS 2 of this decision result (step S30). Ifthe PD 12 is connected to a PC #2 which is connected over a network tothe LCM 1 that is located in a PC #1 which is different from the PC #2and performs checkout as illustrated in FIG. 21, the decision result of“NG” is obtained so that the LCM 1 in the PC #1 interrupts thesubsequent steps in the routine for making checkout.

Alternatively, the decision result may be made “NG” when thereading/writing operation has not been completed yet even after theestimated end time T′ has passed.

The timeout discriminating section 4 may operate in two modes. One modeis taken when the data size s is input to the data-size input section101, and at this time, the timeout discriminating section 4 computes theestimated end time T′=T+s/b and stores it in the estimated-end-timestorage section 111. Upon reception of the decision-end signal, thetimeout discriminating section 4 compares the current time T with thetime T′ stored in the estimated-end-time storage section 111. When theformer time is smaller than the latter, the timeout discriminatingsection 4 informs the SMS 2 of the decision result being OK. Otherwise,the timeout discriminating section 4 informs the SMS 2 of the decisionresult being “NG”.

The other mode takes place when the decision-start signal is input tothe decision-start signal input section 102. In this mode, the timeoutdiscriminating section 4 stores the current time T+timeout time t in theestimated-end-time storage section 111. The operation for determiningthe timeout in this mode is the same as that done in the first mode.

(Secret Area)

The LCM 1 of the present invention uses a secret area in order to storea checkin/checkout guest book. When the LCM 1 is constructed by a PC,this secret area is created on a hard disk (HDD).

The secret area on the HDD will now be discussed below.

Normally, partitions are present on the HDD. Each partition isrecognized as one drive by the OS. Each partition contains a pluralityof sectors on which data is recorded. The data allocation in the sectorsis called a logical format. A file system generally has a fileallocation table on which the positions of individual files and thedirectory on the sectors are recorded. The OS acquires the position of afile to be accessed by referring to the file allocation table, andaccesses the target file. The physical allocation of the sectors iscalled a physical format. The individual partitions can have differentphysical formats. The position of each sector can be identified by thehead position. The start position of each sector is identified by amagnetic mark.

The OS has a driver for the file system that the OS supports. The driveridentifies the physical format and logical format of the file system,and can reach the file allocation table or each file by going over thesectors in each partition and then can read the contents of the fileallocation table or the target file or write data therein.

FIG. 24 shows the file system for constructing the secret area accordingto the present invention. Although the ordinary file system has sectorsallocated at equal intervals, the present file system does not employsuch allocation. A sector allocation table is located at the head of thefirst sector SC1. The sector allocation table has sector positionsrecorded therein in the following form.

Head position #2, head position #3, . . . , and head position #nrespectively indicate the positions of the second sector SC2, the thirdsector SC3, . . . , and the n-th sector SCn.

The sector allocation table is encrypted. The key that decrypts thisencryption depends on an ID specific to the system. The system'sspecific ID may be the ID of the OS, the ID of the BIOS or the ID of theCPU.

Further, a file allocation table FT is located at the head of the secondsector SC2 in the following form.

-   -   (file 1, (sector number, intra-sector position))    -   (file 2, (sector number, intra-sector position))    -   .    -   .    -   .

The intra-sector position is the number of bytes from the head of theassociated sector. The file allocation table FT is also encrypted. Thekey that decrypts this encryption likewise depends on the specific ID ofthe system.

Access to the file system of the present invention is executed by usinga special driver (the secret-area driver 7 in FIG. 1). FIG. 25 shows theoperation of the secret-area driver 7. This driver 7 has a capability ofaltering the sector allocation. FIG. 26 illustrates the operation of thesecret-area driver 7 at the time of altering the sector allocation.

(Authentication)

The following will discuss an example of mutual authentication which iscarried out, for example, when the MC 13 is loaded into the LCM 1 and anexample of an authentication process which is executed at the time ofaccessing to the secret area. This authentication is the one that hasconventionally been employed using a public-key encryption technique,but the present invention is in no way limited to this particular type.

A description will be given of authentication between two devices (e.g.,LCM 1 and MC 13) A and B in the case where A authenticates B that triesto gain access to A, by referring to FIG. 20.

In this case, the device A has a public key kp and the device B, ifcapable of accessing the device A, holds a secret key ks correspondingto the public key kp. When receiving a random number R generated by thedevice A, the device B encrypts the random number with the secret key ks(the encrypted number is represented by ks[R]) and sends ks[R] back tothe device A. The device A decrypts ks[R] using the public key, anddetermines that the device B is legitimate one if the decryption resultmatches with the previously generated random number R.

Thereafter, the same procedures are performed on the device A from thedevice B to thereby ensure mutual authentication. In this case, thedevice B has a public key and the device A has a secret key and encryptsthe random number, generated by the device B, by using the secret key.The device B decrypts the encrypted random number using the public keyand checks if the decryption result matches with the previouslygenerated random number.

As described in details, the present invention can efficiently regulatethe number of copied contents and can thus adequately protect thecopyright of contents.

Additional advantages and modifications will readily occur to thoseskilled in the art. Therefore, the invention in its broader aspects isnot limited to the specific details and representative embodiments shownand described herein. Accordingly, various modifications may be madewithout departing from the spirit or scope of the general inventiveconcept as defined by the appended claims and their equivalents.

1-16. (canceled)
 17. A contents managing method capable of controllingcontent copying, comprising: providing a content to which apredetermined number of allowable copies is allocated; decreasing thenumber of allowable copies allocated to the content when the content iscopied onto a recording medium; and storing identification informationof the recording medium in a restricted memory area that is accessiblethrough security procedures when the content is copied onto therecording medium.
 18. The contents managing method according to claim17, wherein the decreasing includes decreasing the number of allowablecopies allocated to the content by “1” every time the content is copiedonto the recording medium.
 19. The contents managing method according toclaim 17, further comprising: storing, in addition to the identificationinformation of the content, a corresponding checkout list havingidentification information of the recording medium onto which thecontent has been copied; and controlling checkout of the content byreferring to at least the stored identification information of thecontent and the corresponding checkout list.
 20. A contents managingmethod capable of controlling content copying, comprising: providing acontent to which a predetermined number of allowable copies isallocated; decreasing the number of allowable copies allocated to thecontent when the content is copied onto a recording medium; and storingflag information, which indicates whether the copied content on therecording medium is movable, in a restricted memory area that isaccessible through security procedures.
 21. The contents managing methodaccording to claim 20, wherein the decreasing includes decreasing thenumber of allowable copies allocated to the content by “1” every timethe content is copied onto the recording medium.
 22. The contentsmanaging method according to claim 20, further comprising: storing, inaddition to the identification information of the content, acorresponding checkout list having identification information of therecording medium onto which the content has been copied; and controllingcheckout of the content by referring to at least the storedidentification information of the content and the corresponding checkoutlist.
 23. A contents managing method capable of controlling contentcopying, comprising: providing a content to which a predetermined numberof allowable copies is allocated; and decreasing the number of allowablecopies allocated to the content when the content is copied onto arecording medium, wherein the recording medium is one of a first type ofrecording medium comprising an area for storing identificationinformation of the recording medium and a restricted memory area that isaccessible through security procedures, a second type of recordingmedium comprising an area for storing information of the recordingmedium and an unrestricted memory area, and a third type of recordingmedium comprising an unrestricted memory area, and wherein a type of therecording medium is determined and a content regulation process based onthe type is performed when one of recording the content on the recordingmedium, erasing the copied content on the recording medium when theidentification information of the recording medium is stored in therestricted memory area, or reproducing the copied content on therecording medium is executed.
 24. The contents managing method accordingto claim 23, wherein the decreasing includes decreasing the number ofallowable copies allocated to the content by “1” every time the contentis copied onto the recording medium.
 25. The contents managing methodaccording to claim 23, further comprising: storing, in addition to theidentification information of the content, a corresponding checkout listhaving identification information of the recording medium onto which thecontent has been copied; and controlling checkout of the content byreferring to at least the stored identification information of thecontent and the corresponding checkout list.
 26. A contents managingapparatus capable of controlling content copying, comprising: a storagedevice configured to provide a content to which a predetermined numberof allowable copies is allocated; and a manager configured to decreasethe number of allowable copies allocated to the content when the contentis copied onto a recording medium, and to store identificationinformation of the recording medium in a restricted memory area that isaccessible through security procedures when the content is copied ontothe recording medium.
 27. The contents managing apparatus according toclaim 26, wherein the manager decreases the number of allowable copiesallocated to the content by “1” every time the content is copied ontothe recording medium.
 28. The contents managing apparatus according toclaim 26, wherein the manager is further configured to store, inaddition to the identification information of the content, acorresponding checkout list having identification information of therecording medium onto which the content has been copied, and to controlcheckout of the content by referring to at least the storedidentification information of the content and the corresponding checkoutlist.
 29. A contents managing apparatus capable of controlling contentcopying, comprising: a storage device configured to provide a content towhich a predetermined number of allowable copies is allocated; and amanager configured to decrease the number of allowable copies allocatedto the content when the content is copied onto a recording medium, andto store flag information, which indicates whether the copied content onthe recording medium is movable, in a restricted memory area that isaccessible through security procedures.
 30. The contents managingapparatus according to claim 29, wherein the manager decreases thenumber of allowable copies allocated to the content by “1” every timethe content is copied onto the recording medium.
 31. The contentsmanaging apparatus according to claim 29, wherein the manager is furtherconfigured to store, in addition to the identification information ofthe content, a corresponding checkout list having identificationinformation of the recording medium onto which the content has beencopied, and to control checkout of the content by referring to at leastthe stored identification information of the content and thecorresponding checkout list.
 32. A contents managing apparatus capableof controlling content copying, comprising: a storage device configuredto provide a content to which a predetermined number of allowable copiesis allocated; and a manager configured to decrease the number ofallowable copies allocated to the content when the content is copiedonto a recording medium, and wherein the recording medium is one of afirst type of recording medium comprising an area for storingidentification information of the recording medium and a restrictedmemory area that is accessible through security procedures, a secondtype of recording medium comprising an area for storing information ofthe recording medium and an unrestricted memory area, and a third typeof recording medium comprising an unrestricted memory area, and themanager is further configured to determine a type of the recordingmedium and perform a content regulation process based on the type whenexecuting one of recording the content on the recording medium, erasingthe copied content on the recording medium, or reproducing the copiedcontent on the recording medium.
 33. The contents managing apparatusaccording to claim 32, wherein the manager decreases the number ofallowable copies allocated to the content by “1” every time the contentis copied onto the recording medium.
 34. The contents managing apparatusaccording to claim 32, wherein the manager is further configured tostore, in addition to the identification information of the content, acorresponding checkout list having identification information of therecording medium onto which the content has been copied, and to controlcheckout of the content by referring to at least the storedidentification information of the content and the corresponding checkoutlist.